Does BSD support "Q" yet? Linux stole the "P" code ages ago and implemented "Q" but released it under a restrictive license that prevents the original authors from using the new features. Come on, get with it BSD!

Let us look at 3 main points, of which the last is the most important.

1. Secure by default. Yes, having services turned off by default is a good move. It also actually has nothing to do with the security of what you actually have running.

2. Auditing. Only the base system is audited. The ports are often quite far behind. Most attacks are not against "the base system".

3. Lastly...OpenBSD, by design, is not a secure system. A secure system is much, much more than just a lack of vulnerabilities. It is the ability to have controls and lock down things, to prevent unauthorized access. Instead, the OpenBSD approach does it's very best to assume that people don't get in, but does little to help when something does go wrong. Or, you know, if you even wanted to actually restrict access with more than just the user/group scheme. Hell, they don't even have a basic ACL. VMS was a secure system. Very recent editions of Windows are well on their way to becoming secure systems. OpenBSD is not.

In fact, as it stands, Linux is a far, far more secure system, because of access to things like SELinux and RSBAC. These frameworks allow you to lock down and control every aspect of your system. Anything you want to restrict and how, you basically can. It takes the "everything is a file" philosophy to the next step. These systems are more secure for one simple reason. You should be prepared in case someone does, not simply try to eliminate all bugs all together, which while noble, is a flawed attempt. Not to mention the inability to restrict legitimate users on the system in a limiting way...

Instead, if someone successfully gets root on OpenBSD..then they have root, This is getting better with privilege separated stuff, but Linux had this in 3rd party patches about 10 years ago. With SELinux and RSBAC, you can remove the concept of root. If someone hacks a webserver...well, the webserver does not need write access, except maybe to tmp, it won't need execute access, it won't need to initiate outgoing connections, and it won't need write access, only append access to/var/log. The attacker can't do anything, and you simply can't do something similar with OpenBSD.

In fact, despite Theo being staunchly opposed to such attempts, there was one. Systrace. It was nowhere near as powerful or flexible as the aforementioned frameworks, but it was a start. Instead, The developers decided to use an insecure technique, system call interposition [psu.edu], shown to be insecure. After this they gave up.

OpenBSD is an extremely quality codebase, and it is more secure for small stuff and does make a good router or firewall. It is by no means a secure system though, and should not be hailed as one.

I swear the release songs are what excites me the most about each OpenBSD release song.:-)

I also find myself agreeing with most of them too. This last one is particularly poignant. I feel the same way a lot of the time, that the technology is trying to be too controlling, that there is too much (technological) power in the hands of the big monopolies, that our choices are dwindling and we must defend them.

Don't ask me to rationally defend all these positions. I just don't like one-button iPods, locked down formats, binary-only blobs, and whereas most every other user of technology is happy with them, I am not.